on 05-09-2016 8:10 PM
Hi folks,
In SAP source system we have what we call a firefighter role where we can assign access so that a developer for example could have temporary access to production in order to troubleshoot a problem. All firefighter access has an expiration date and is logged for auditor purposes. I'm not aware of a way to do this within HANA studio security. I thought about perhaps setting up special roles and then setting up audit on that role to keep a trail of who was granted access although it doesn't resolve the expiration issue. I'm curious how have others handled this in HANA that may need the same type of access auditing/restriction?
Thanks!
-Patrick
Thanks to your explanation...
You must be a registered user to add a comment. If you've already registered, sign in. Otherwise, register and sign in.
SAP HANA comes with a SAP_INTERNAL_HANA_SUPPORT role that enables supporters to all/most of required accesses.
This role can only be given to users up to a maximum (of 10 I believe) users in parallel.
However, there is no automatic revocation of the assignment.
Assignment of the role can be audited via the standard HANA auditing.
Not sure this is what you're looking for.
You must be a registered user to add a comment. If you've already registered, sign in. Otherwise, register and sign in.
The following concepts are important to understand emergency access management(firefight):
Firefighter: the user who requires emergency access
Firefighter ID: the user ID with elevated privileges.
Firefighting: the act of using a Firefighter ID to perform tasks in an emergency
Owner: the user responsible for a Firefighter ID and the assignment of controllers
and Firefighters
Controller: the user who reviews and approves (if required) the log files generated
from firefighting activities
Centralized Firefighting: using the GRC system as the centralized console
through which Firefighters can logon to different system for firefighting
Decentralized Firefighting: Firefighters can directly logon to the plug-in systems
for firefighting; using the GRC system only for maintaining emergency access
assignments and reporting
The above definitions are well explained and courtesy to the below book:
Hope it answers your query
You must be a registered user to add a comment. If you've already registered, sign in. Otherwise, register and sign in.
Hi Aparajit, I understand the Firefighter concept as well as GRC which we have here however I'm talking about from HANA Studio security perspective. I don't think any of this works with HANA security although please correct me if I'm wrong. I searched through the document for mention of HANA security and found nothing.
Thanks,
-Patrick
User | Count |
---|---|
87 | |
10 | |
10 | |
9 | |
6 | |
6 | |
6 | |
5 | |
4 | |
3 |
You must be a registered user to add a comment. If you've already registered, sign in. Otherwise, register and sign in.